From: Frederic Lecaille <flecaille@haproxy.com>
Date: Wed, 24 Jul 2024 09:07:19 +0000 (+0200)
Subject: MINOR: quic: Avoid cc priv buffer overflow.
X-Git-Tag: v3.1-dev4~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=735e4aecfcf34ec46c3143bfad9a123466fd8296;p=thirdparty%2Fhaproxy.git

MINOR: quic: Avoid cc priv buffer overflow.

Add two initcall callback with BUG_ON_HOT() to newro and cubic modules to
ensure there is no buffer overflow when accessing the private data of
these congestion control algorithm state structures. This is to ensure
that further modifications about these data structures will not
lead to surprises. At this time there is no possible buffer overflow.
---

diff --git a/src/quic_cc_cubic.c b/src/quic_cc_cubic.c
index 4bd1a7ce42..51d11b11c2 100644
--- a/src/quic_cc_cubic.c
+++ b/src/quic_cc_cubic.c
@@ -640,3 +640,11 @@ struct quic_cc_algo quic_cc_algo_cubic = {
 	.hystart_start_round = quic_cc_cubic_hystart_start_round,
 	.state_trace = quic_cc_cubic_state_trace,
 };
+
+void quic_cc_cubic_check(void)
+{
+	struct quic_cc *cc;
+	BUG_ON_HOT(sizeof(struct cubic) > sizeof(cc->priv));
+}
+
+INITCALL0(STG_REGISTER, quic_cc_cubic_check);
diff --git a/src/quic_cc_newreno.c b/src/quic_cc_newreno.c
index ca298776c4..4d035b5511 100644
--- a/src/quic_cc_newreno.c
+++ b/src/quic_cc_newreno.c
@@ -223,3 +223,10 @@ struct quic_cc_algo quic_cc_algo_nr = {
 	.state_trace = quic_cc_nr_state_trace,
 };
 
+void quic_cc_nr_check(void)
+{
+	struct quic_cc *cc;
+	BUG_ON_HOT(sizeof(struct nr) > sizeof(cc->priv));
+}
+
+INITCALL0(STG_REGISTER, quic_cc_nr_check);